Exam PT0-002 topic 1 question 86 discussion

Scapy is manipulation tool

The correct answer is D. hping3. hping3 is a packet crafting tool that allows a user to easily craft and manipulate custom TCP packets, including the ability to adjust the TCP header length and checksum. It also allows the user to observe how the target responds to the custom packets. By contrast, Nmap is a port scanning utility, tcpdump is a packet sniffer, and Scapy is a powerful packet manipulation tool, but none of these tools have the same capabilities as hping3.

Scapy can't observe how a service responds, but hping3 can.

The tool that allows a security professional to programmatically manipulate TCP header length, checksum, and other packet details using arbitrary numbers is: C. Scapy Scapy is a powerful Python library and interactive tool that enables the creation, manipulation, sending, and receiving of network packets. It is often used for network discovery, scanning, and vulnerability testing, and it can be very useful when testing how a proprietary service responds to specifically crafted or invalid packets. Options A, B, and D are valuable tools in the networking and security domains, but Scapy is particularly well-suited for this kind of packet manipulation and analysis.

Scapyy is the right. Comptia Self Study book, on appendix under crafting tool say Scapy

hping3 is scriptable using the Tcl language. but, Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc. It can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, …. In scapy you define a set of packets, then it sends them, receives answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage over tools like nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet.

Scapy is a powerful packet manipulation tool that allows users to craft, send, and receive custom TCP packets. It can be used to manipulate the TCP headers and to observe the response from the proprietary service.

Share your answer Hping 3 or Scapy? my answer is Scapy

By definition from Wiki, it is Scapy.

c correct

C scapy correct https://scapy.readthedocs.io/en/latest/introduction.html#about-scapy

I am thinking D (hiping3) as it allows you to view the response. For example, SCAPY, in this video. They had to run Wireshark on the destination machine to confirm the ICMP packet was received. https://www.youtube.com/watch?v=sXUByO9knmI

Scaly is a powerful interactive packet manipulation program. It replaces tools such as hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, Tshark, p0f and others. It’s definitely C

Which this is why it could be both scapy or hping3 based off of what it's asking. I misspoke on the analysis of receiving packets.

Scapy can only manipulate. It can't see the response back. Answer is D. https://www.kali.org/tools/hping3/